Editing ClientConf
A edited this page Aug 5, 2024 · 3 revisions
The ClientConf contains information on what public keys to use, what decoy sites are available (for the Tapdance or Conjure decoy registrar), and what phantom subnets to use and their respective weights. There is a util in the gotapdance repository, in gotapdance/tools/clientconf, that will let you view/edit a ClientConf.
E.g. `./clientconf -f ../../assets/ClientConf.dev` will show:
Generation: 1120
Default Pubkey: 8c34e2362f33707ff4b001f31302b1968fe8d67fb8843ee11c60df61b9e17609
Conjure Pubkey: 8c34e2362f33707ff4b001f31302b1968fe8d67fb8843ee11c60df61b9e17609
Decoy List: 6 decoys
0:
tapdance1.freeaeskey.xyz (192.122.190.104 / [<nil>])
1:
tapdance2.freeaeskey.xyz (192.122.190.105 / [<nil>])
2:
tapdance3.freeaeskey.xyz (192.122.190.106 / [<nil>])
3:
decoy2.refraction.network (192.122.190.105 / [<nil>])
4:
decoy2.refraction.network (0.0.0.0 / [2001:48a8:687f:1::105])
5:
decoy1.refraction.network (192.122.190.126 / [<nil>])
Phantom Subnets List:
weight: 9, support random port: true, subnets:
0: 192.122.190.0/24
1: 2001:48a8:687f:2::/64
weight: 1, support random port: true, subnets:
2: 141.219.0.0/16
3: 35.8.0.0/16
DNS registrar:
method: UDP
target:
domain: r.refraction.network
pubkey:
utls:
stun:
- Ensure that the new ClientConf has a unique generation number (typically incremented from the previous one)
- Add the ClientConf to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists/tree/master/generations) and update the NOTES file with the relevant change log (e.g. "Added new subnet for ISP X")
- Add the phantom_subnet to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists/tree/master/phantom_subnets). Note that the format is based on, but slightly different from, the `-subnet-file` provided to the `clientconf` tool originally: it contains the generation number in the hierarchy (e.g. `Networks.1166`) (TODO: make util that automatically generates phantom_subnet.toml in this format from old phantom_subnet.toml and new ClientConf)
- Add the ClientConf to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists) as current_decoys.blob
- Use the clientconf tool from gotapdance to print decoys to a file and add it to https://github.com/refraction-networking/decoy-lists as current_decoys.txt
- On each station, update the `phantom_subnets.toml` file (pointed to by conjure.conf, typically in /var/lib/conjure). Restart each application to load the new configuration
- Update the `ClientConf` and `phantom_subnets.toml` files on each registration server (e.g. in /var/lib/conjure on reg1.refraction.network, reg2.refraction.network)
- Update the `ClientConf` and `phantom_subnets.toml` files on the registrations tracker server (under /var/lib/conjure/)
- Update the `reg_config.toml`'s `bidirectional_api_generation =` to the latest generation (e.g. the one you just added) on each registration server
- Restart each registration server. This will start serving the new ClientConf to users
- Confirm the new ClientConf is being used in Kibana ("Conjure client tunnel count by generation")
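
A pre-rollout consistency check for the steps above, as an added example that is not part of the original wiki or the project's tooling: it parses `clientconf` text output in the format shown on this page and checks that the generation is unused, that every phantom subnet is a valid prefix, and that each subnet appears under that generation's `Networks.<generation>` table. The function name, the sample data, and every TOML key name other than `Networks.<generation>` are assumptions.

```python
import ipaddress
import re

# Constructed sample: abridged `clientconf` output in the format shown on this page.
SAMPLE_DUMP = """Generation: 1120
Phantom Subnets List:
weight: 9, support random port: true, subnets:
0: 192.122.190.0/24
1: 2001:48a8:687f:2::/64
weight: 1, support random port: true, subnets:
2: 141.219.0.0/16
3: 35.8.0.0/16
"""
# Constructed sample; only Networks.<generation> is from the page, other key names are assumed.
SAMPLE_TOML = """[Networks.1120]
[[Networks.1120.WeightedSubnets]]
Weight = 9
Subnets = ["192.122.190.0/24", "2001:48a8:687f:2::/64"]
[[Networks.1120.WeightedSubnets]]
Weight = 1
Subnets = ["141.219.0.0/16", "35.8.0.0/16"]
"""

def check_release(dump, published_generations, phantom_toml):
    """Return the problems that should block a rollout; an empty list means consistent."""
    gen_match = re.search(r"^\s*Generation:\s*(\d+)\s*$", dump, re.M)
    if not gen_match:
        return ["no Generation line in clientconf output"]
    gen = int(gen_match.group(1))
    problems = []
    if gen in published_generations:
        problems.append(f"generation {gen} is already published")
    phantom_part = dump.partition("Phantom Subnets List:")[2]
    subnets = re.findall(r"^\s*\d+:\s*(\S+/\d+)\s*$", phantom_part, re.M)
    if not subnets:
        problems.append("no phantom subnets in clientconf output")
    # This generation's table runs from its header to the next generation header.
    table = re.search(rf"^\s*\[Networks\.{gen}\]\s*$(.*?)(?=^\s*\[Networks\.\d+\]\s*$|\Z)",
                      phantom_toml, re.M | re.S)
    if not table:
        problems.append(f"phantom_subnets.toml has no Networks.{gen} table")
    for subnet in subnets:
        try:
            ipaddress.ip_network(subnet, strict=True)  # rejects prefixes with host bits set
        except ValueError:
            problems.append(f"{subnet} is not a valid network prefix")
        if table and f'"{subnet}"' not in table.group(1):
            problems.append(f"{subnet} is not listed under Networks.{gen}")
    return problems
```

The subnet comparison is textual, so a prefix written in a different but equivalent form in the TOML file is reported as missing.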